4.3

CVE-2012-0214

EPSS 0.12%
Published 15.04.2014 23:55:08
Last modified 12.04.2025 10:46:40
Source security@debian.org
Teams watchlist Login
Open Login

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Advanced Package Tool ≫ Advanced Package Tool Version <= 0.8.16\~exp12

Advanced Package Tool ≫ Advanced Package Tool Version0.8.11

Advanced Package Tool ≫ Advanced Package Tool Version0.8.12

Advanced Package Tool ≫ Advanced Package Tool Version0.8.13

Advanced Package Tool ≫ Advanced Package Tool Version0.8.14

Advanced Package Tool ≫ Advanced Package Tool Version0.8.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.275

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92

http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6

http://www.ubuntu.com/usn/USN-1385-1

https://nvd.nist.gov/vuln/detail/CVE-2012-0214

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0214

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0214

EUVD